log
asciilifeform: i.e. until we have one another's mods ~and~ pubexps! we're not really rsaparties. with all that flows from this.
mircea_popescu: asciilifeform there is no communication among unknown parties. someone somewhere gives you a key.
a111: Logged on 2017-11-14 11:09 apeloyee: http://btcbase.org/log/2017-11-08#1734517 << not quite. for encryption, if I get your modulus, and you actually want to read my messages, I can generate a public exponent between M/2 and (say) 3M/4, and attach it to the message in plaintext.
diana_coman: that being said, I can't quite see it being any *worse* than this affair with fixed size AND fixed top bits ☟︎
diana_coman: apeloyee, my first thought went that way but then on one hand this just makes the interval larger basically and on the other hand I have no idea how to even evaluate the compromise (i.e. how large interval is large enough anyway, leaving aside that the how big is big enough for p and q is not that terribly clear either -at least not to me); in other words I can see it as an improvement but I can't actually evaluate it clearly
apeloyee: diana_coman: if keeping the minimum of 2^2047 for primes, you can, for example, generate primes between 2^2047 and 2^2049, and start over if the modulus is unacceptable. not sure what minimum for p and q makes sense. ☟︎☟︎
spyked: current lispm ads: http://p.bvulpes.com/pastes/8ROcg/?raw=true if teh real-life gods decide to leave my ass alone, I might publish the whole thing over the weekend.
a111: Logged on 2017-11-13 19:47 asciilifeform: and not 'as much as you want' but up to B bytes, with B given on commandline and stackframed on warmup.
spyked: http://btcbase.org/log/2017-11-13#1737294 <-- not sure if possible with ffatronic ada subset, though, because of "no dynamic objects" restriction. in my (yet-unpublished) prototype, lisp memory size is a static knob. ☝︎☟︎
a111: Logged on 2017-11-13 19:36 asciilifeform: and rewrite the parser per se in scheme ( have it be present as commented bytecode constant )
spyked: http://btcbase.org/log/2017-11-13#1737266 <-- I did not contemplate bytecode representation, but this would indeed make matters simpler (including above problem of dealing with strings). ☝︎
spyked: http://btcbase.org/log/2017-11-13#1737264 <-- strings are (lisp) lists-of-characters. which, as it is, unfortunately makes parsing and evaluating builtin functions (e.g. cons, car, cdr) a pain in the ass. can be structured cleanly though. also, this makes it not a simple matter of find+replace in shithub scheme.adb. ☝︎☟︎
diana_coman: apeloyee, if I understand that correctly basically the only way to plug that leak would be to give up on diddling p and q, including setting size; which would mean just get random pairs of primes until their product fits the desired number of bits for the key; obv this lands into the trouble of having one of them too small ☟︎
a111: Logged on 2017-11-13 19:36 asciilifeform: and get rid of the pointers.
spyked: http://btcbase.org/log/2017-11-13#1737268 <-- this. ftr, current adalisp prototype (not-yet-published and thus yet-vapourware!) represents "pointers" as indices in a statically-allocated array. ☝︎☟︎
apeloyee: assuming M is a modulus of a useful RSA key, this will work
a111: Logged on 2017-11-08 22:03 asciilifeform: not knowing the e has exactly same effect as not knowing half of the n.
apeloyee: http://btcbase.org/log/2017-11-08#1734517 << not quite. for encryption, if I get your modulus, and you actually want to read my messages, I can generate a public exponent between M/2 and (say) 3M/4, and attach it to the message in plaintext. ☝︎☟︎
apeloyee: if M is say, 1.999999 * 2^2047, then ~20 first bits of p and q are known ☟︎
apeloyee: can't see how to plug it completely though
apeloyee: if "no leaks on principle", this needs to be dealt with
apeloyee: if the modulus is M, then p,q>M/2^2048 (because p,q<2^2048) ☟︎
apeloyee: fwiw I just realized that this ^ leaks a little via the modulus
diana_coman: and by "flips" I mean sets them to 1
diana_coman: http://btcbase.org/log/2017-11-14#1737414 <- confirmed; I do NOT use any nextprime or other "rng"-parts from gpg; current rsatron prototype simply grabs nbits from fg, flips the 2 top bits and 1 bottom bit as per previous discussion and then checks if result is prime; if prime then keep, otherwise discard and try again; no "add 2 until prime" or other such thing ☝︎
deedbot: Provide a paste URL to the ascii-armored GPG public key or the full 40 character key fingerprint without spaces or dashes.
BingoBoingo: One you probably need to read sooner is http://trilema.com/anonimity-or-the-urban-versus-rural-dispute
hubud: Hard to find a sane btc community these days
hubud: Oh yeah, there are some juicy juicy ones
BingoBoingo: Just wait till you get to the classics
hubud: Problems of today
BingoBoingo: So, what's your favorite trilema piece so far?
BingoBoingo: Ah, love the goats, but indifference to the work of goats
hubud: He treats them well
hubud: stumbled on trilema blog last week, been reading nearly nonstop since.. ☟︎
BingoBoingo: The Ubiquiti or the Biostar
BingoBoingo: Under the guise of when visiting Shaman, buy cheapest that can move the traffic
BingoBoingo: It looks like I'm going to be spending 2U on a Ubiquiti EdgeRouter Pro and a Ubiquiti EdgeSwitch Lite, unless there are other ideas for networking hardware
jhvh1: BingoBoingo: The operation succeeded.
BingoBoingo: !~later tell mircea_popescu http://wotpaste.cascadianhacker.com/pastes/cnUuO/?raw=true
lobbes: http://btcbase.org/log/2017-11-13#1737253 << time will tell. Depends on how much the logs-to-date worth of archives end up being in drive space. Bandwidth also a factor. Many things left to be sussed out. ☝︎☟︎
a111: Logged on 2017-11-13 18:21 asciilifeform: lobbes: does this mean that you can mirror the whole zip collection nao ? ☟︎
lobbes: http://btcbase.org/log/2017-11-13#1737252 << I do plan to walk-back the logs and pull what still exists. Hard-drive space willing for being able to serve up the things on-demand (only ~40GB to work with on the VPS) ☝︎
asciilifeform: ( i could even readily believe that an, e.g., 25x rise in the heathenbux:btc exch rate would make no practical diff to mircea_popescu . but i suspect that i am not the only one here for whom it would make a palpable diff. )
a111: Logged on 2017-11-14 02:07 mircea_popescu: but if you wish to argue it in substance, the fiat valuation of bitcoin is broadly irrelevant -- to bitcoin, to the actual things the fiat turds misclaim to represent, etcetera. whereas the penmanship of the l1 is relevant by definition.
asciilifeform: http://btcbase.org/log/2017-11-14#1737451 << i see the q of whether a coin buys a rowboat, a battleship, or entire flotilla, as broadly interesting one -- but mebbe that's just me ☝︎
a111: Logged on 2017-11-14 01:44 mircea_popescu: allegedly teh soviets were so impressed with it they packed the whole assembly line and took it to russia in 1945
asciilifeform: http://btcbase.org/log/2017-11-14#1737435 << keep in mind, this was not a high bar -- ru soldiers took home even toilets from germany ☝︎
mircea_popescu: but if you wish to argue it in substance, the fiat valuation of bitcoin is broadly irrelevant -- to bitcoin, to the actual things the fiat turds misclaim to represent, etcetera. whereas the penmanship of the l1 is relevant by definition. ☟︎
hanbot: <mircea_popescu> (asciilifeform's ticker idea) << nah, autospeaking bots to be kept at a minimum which is 0. << for the curious, why is say deedbot's rss announcer a non-auto event whereas a market movement isn't?
a111: Logged on 2017-11-13 21:10 asciilifeform: ^ pheeature idea : why not have ticker autofire when the number moves >10% from last tick
mircea_popescu: http://btcbase.org/log/2017-11-13#1737334 << nah, autospeaking bots to be kept at a minimum which is 0. ☝︎
mircea_popescu: if we had a way to quantify we could just decide.
a111: Logged on 2017-11-13 20:57 asciilifeform: the boojum is that neither i nor anybody else knows of any rational way to quantify the compromise.
mircea_popescu: http://btcbase.org/log/2017-11-13#1737321 << this is a problem ; but perhaps opening it up to the market may be helpful. ☝︎
a111: Logged on 2017-11-13 20:35 diana_coman: I can't seem to find in the logs any discussion re duplex construction/duplexing the sponge i.e. keccak's authors own proposal of using keccak for authenticated encryption; did anyone look into this?
ben_vulpes: http://btcbase.org/log/2017-11-14#1737405 << currently working the 4th permutation of a 65536 byte message for a 32 bit hash ☝︎
mircea_popescu: (that site pretty decent ref of romanian vehicle production, incl de teardrop lulzitem)
mircea_popescu: allegedly teh soviets were so impressed with it they packed the whole assembly line and took it to russia in 1945 ☟︎
mircea_popescu: but supposedly this makes you stronger.
mircea_popescu: i get odd viral influenzas in the first months of mingling with the whores of a new land also.
asciilifeform somewhat addled with viral fevers, and strange dreams at night ( featuring such colourful characters as tov. ceaușescu )
mircea_popescu: very important NOT to use any kind of nextprime, as it turns out .
asciilifeform: now i recall having argued this myself, lol
mircea_popescu: asciilifeform no, because see, if you don't use nextprime you lack the "nop bridge" so to speak. rolling number 6 does not take you to 7. to get 7 you need a natural 7, and this is equiprobable to rolling a natural 2^74207281-1 on the space of (0,2^74207281-1).
asciilifeform: ( 2048 rather. but you get the idea )
a111: Logged on 2017-11-13 19:40 asciilifeform: whole thing reads like straight translation from c
asciilifeform: ( there are still fewer primes than 2^4096bit phase space )
asciilifeform: somewhat counterintuitively, you still get same result ( minus the time sidechannel leak, naturally )
a111: Logged on 2017-11-13 19:29 phf: http://btcbase.org/log/2017-11-13#1737247 << it looks like a properly structured scheme evaluator, but it's ~explicitly~ lacking a native cons, which might be a very good exercise for whoever™ adding a static allocation space, adding mark-and-sweep, then all those To_Unbounded_String look like they can be simply search/replaced
mircea_popescu: http://btcbase.org/log/2017-11-13#1737262 << this is actually a pretty good approach. ☝︎
asciilifeform: afaik the only remaining, and most obvious 'loss' is the one implicit in prime number theorem ( where , wat, ~10k possible rng outputs correspond to same prime output )
asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
a111: Logged on 2017-11-13 17:47 ben_vulpes: and in ancients, dusted off mpfhf benchmarker, finished the bit-banging of inputs, fired off a run late last week that is *still hashing*
asciilifeform: afaik diana_coman exhaustively showed the places
mircea_popescu: it's still an unreturned function "what other bits are lost what other places". so this 4090 still an upper bound.
mircea_popescu: clarity is more valuable than a nearer asymptote, in many contexts.
a111: Logged on 2017-11-14 01:06 mircea_popescu: asciilifeform there's nothing in principle wrong with the 2045 bit primes, except, of course, the lying about it.
a111: Logged on 2017-11-14 01:02 mircea_popescu: im not going to have my tech people do backflips to seamlessly bridge imperial idiocy into reality when i could just have the marketing people point out to how the empire lied by making the difference a point of difference.
asciilifeform: ( plus the 2 bottoms )
mircea_popescu: as you'll reject the primes and end up with the same 2045 bits of entropy
mircea_popescu: you lose it by this impl as well.
asciilifeform: no reason to lose that 1bit of entropy.
asciilifeform: the way i'd implement the whole shebang, is simply to reject both primes if the highest bit of pq is not 1 . ☟︎☟︎☟︎☟︎
asciilifeform: (last digit of a product is not a straight product of the last-digit-of-p and last-digit-of-q )
mircea_popescu: you need two bits to make 4, not 3. that's it.
asciilifeform: ( and why not then 111, 1111.... )
mircea_popescu: asciilifeform there's nothing in principle wrong with the 2045 bit primes, except, of course, the lying about it. ☟︎
asciilifeform: i can actually see the 1. but why 11
a111: Logged on 2017-11-13 17:04 lobbes: Very accommodating d00d indeed. I invited him here, as well, but you know how that goes
mircea_popescu: http://btcbase.org/log/2017-11-13#1737241 << tell him that if he regs a name ima donate to his project. ☝︎
asciilifeform: if only 1 -- then high bits of p,q remain seekrit
a111: Logged on 2017-11-13 16:51 lobbes: Good news on archive front; archive.is d00d has agreed to add my ips to his cloudflare whitelist
asciilifeform: mircea_popescu: the only case where this is a problem is 0-led p + 0-led q
a111: Logged on 2017-11-13 15:20 asciilifeform: there is no legitimate reason to do it.
mircea_popescu: im not going to have my tech people do backflips to seamlessly bridge imperial idiocy into reality when i could just have the marketing people point out to how the empire lied by making the difference a point of difference. ☟︎
a111: Logged on 2017-11-13 15:09 asciilifeform: but you can trivially show that using the bottom bits in this way lets you actually get 4x as many possible primes
mircea_popescu: http://btcbase.org/log/2017-11-13#1737203 << i'm happier with properly reporting keys as 4090 bits, and pointedly explaining WHY the difference to the user. ☝︎
mircea_popescu: if it were workable for ceo to know all why would corporations even be needed in first place ?